Has this fix been confirmed to help? If so, I'm +1 for releasing 1.3.4 Martijn
On 5/16/08, Johan Compagner <[EMAIL PROTECTED]> wrote: > Or get the snapshot build from or wicketstuff maven repo > > > On 5/16/08, Erik van Oosten <[EMAIL PROTECTED]> wrote: > > Chris, > > > > If you read the thread carefuly you can extract a quick fix. You'll need > > it as the core developers argumented against a quick bugfix release. > > Just checkout Wicket from SVN and apply the patch (2 lines in the Wicket > > filter). Its a pain, but if you can not wait... > > > > Regards, > > Erik. > > > > > > Chris Lintz wrote: > >> Guys has this been resolved?? We have been having some customers complain > >> as > >> well (some sending screen shots of others peoples data as proof). > >> Because > >> our users click streams are available publically at their control, we had > >> thought jsessionids occurring in the click stream were being maliciously > >> hijacked. We plugged that hole disallowing any jsessionid to be part of > >> url > >> (via Servlet filter) - yes this of course means JavaScript must be > >> enabled. > >> This involuntary session sharing is still occurring. We are running > >> release > >> 1.3.2. > >> > >> > >> > > -- > > Erik van Oosten > > http://day-to-day-stuff.blogspot.com/ > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- Buy Wicket in Action: http://manning.com/dashorst Apache Wicket 1.3.3 is released Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.3.3 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
